准备数据库,and expose docker port internally:
sudo docker run -d --name bugzilla_db -e MYSQL_ROOT_PASSWORD=root -p 127.0.0.1:3307:3306 411
进入docker建立数据库
从docker hub上拉取镜像,并容器互联:
sudo docker run -d -p 9081:80 --name bugzilla -v /tmp:/etc/msmtprc:ro --link bugzilla_db:db -e MYSQL_HOST=172.17.0.9 -e MYSQL_PORT=3306 -e MYSQL_DB=bugzilla -e MYSQL_USEER=root -e MYSQL_PWD=root achild/bugzilla
不过,启动时指定的参数好像没有写入到配置文件,遂进入容器改动配置:
bugzilla的/var/www/bugzilla-4.4.8/localconfig.
# If you do not have access to the group your scripts will run under,
# set this to "". If you do set this to "", then your Bugzilla installation
# will be _VERY_ insecure, because some files will be world readable/writable,
# and so anyone who can get local access to your machine can do whatever they
# want. You should only have this set to "" if this is a testing installation
# and you cannot set this up any other way. YOU HAVE BEEN WARNED!
#
# If you set this to anything other than "", you will need to run checksetup.pl
# as root or as a user who is a member of the specified group.
$webservergroup = 'www-data';
# Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.
#
# If your web server runs control panel software (cPanel, Plesk or similar),
# or if your Bugzilla is to run in a shared hosting environment, then you are
# almost certainly in an Apache SuexecUserGroup environment.
#
# If this is a Windows box, ignore this setting, as it does nothing.
#
# If set to 0, checksetup.pl will set file permissions appropriately for
# a normal webserver environment.
#
# If set to 1, checksetup.pl will set file permissions so that Bugzilla
# works in a SuexecUserGroup environment.
$use_suexec = 0;
# What SQL database to use. Default is mysql. List of supported databases
# can be obtained by listing Bugzilla/DB directory - every module corresponds
# to one supported database and the name of the module (before ".pm")
# corresponds to a valid value for this variable.
$db_driver = 'mysql';
# The DNS name or IP address of the host that the database server runs on.
$db_host = '172.17.0.9';
# The name of the database. For Oracle, this is the database's SID. For
# SQLite, this is a name (or path) for the DB file.
$db_name = 'bugzilla';
# Who we connect to the database as.
$db_user = 'root';
# Enter your database password here. It's normally advisable to specify
# a password for your bugzilla database user.
# If you use apostrophe (') or a backslash (\) in your password, you'll
# need to escape it by preceding it with a '\' character. (\') or (\)
# (It is far simpler to just not use those characters.)
$db_pass = 'root';
# Sometimes the database server is running on a non-standard port. If that's
# the case for your database server, set this to the port number that your
# database server is running on. Setting this to 0 means "use the default
# port for my database server."
$db_port = 3306;
# MySQL Only: Enter a path to the unix socket for MySQL. If this is
# blank, then MySQL's compiled-in default will be used. You probably
# want that.
$db_sock = '';
然后执行perl脚本,即可完成数据库表创建:
./checksetup.pl
配置SMTP邮件(smtp.exmail.qq.com)通知时要注意,不勾选邮件队列(use_mailer_queue:off)和smtp_ssl(off),否则收不到邮件。
Ubutut物理机配置网桥:
cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto enp1s0
iface enp1s0 inet manual
# br0 for kvm
auto br0
iface br0 inet dhcp
hwaddress ether 00:11:32:4F:B2:54
bridge_ports enp1s0
bridge_maxwait 0
bridge_fd 0
bridge_stp off
kvm的xml描述文件:
<domain type='kvm' id='3'>
<name>DSM5.2</name>
<uuid>322f8c59-33a6-4a80-72da-60b0fd2cc73a</uuid>
<description>None</description>
<memory unit='KiB'>4194304</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu placement='static' current='2'>4</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-i440fx-xenial'>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<bootmenu enable='yes'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<cpu mode='host-model'>
<model fallback='allow'/>
</cpu>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source file='/var/www/webvirtmgr/images/XPEnoboot_DS3615xs_5.2-5967.1.iso'/>
<backingStore/>
<target dev='hda' bus='ide'/>
<readonly/>
<alias name='ide0-1-0'/>
<address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/var/lib/libvirt/images/idsm.img'/>
<backingStore/>
<target dev='hdb' bus='ide'/>
<alias name='ide0-0-1'/>
<address type='drive' controller='0' bus='0' target='0' unit='1'/>
</disk>
<controller type='usb' index='0'>
<alias name='usb'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'>
<alias name='pci.0'/>
</controller>
<controller type='ide' index='0'>
<alias name='ide'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='sata' index='0'>
<alias name='sata0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</controller>
<interface type='bridge'>
<mac address='52:54:00:d3:95:90'/>
<source network='netbr0' bridge='br0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<source path='/dev/pts/1'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='tablet' bus='usb'>
<alias name='input0'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='vnc' port='5900' autoport='yes' listen='0.0.0.0' passwd='ZzwZ5tWjoTt2'>
<listen type='address' address='0.0.0.0'/>
</graphics>
<video>
<model type='cirrus' vram='16384' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'>
<label>libvirt-322f8c59-33a6-4a80-72da-60b0fd2cc73a</label>
<imagelabel>libvirt-322f8c59-33a6-4a80-72da-60b0fd2cc73a</imagelabel>
</seclabel>
</domain>
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/homes /volume1/homes
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/music /volume1/music
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/photo /volume1/photo
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/video /volume1/video
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/documents /volume1/documents
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/books /volume1/books
/bin/mount -t nfs -o hard 192.168.16.34:/mnt/nas_disk/others /volume1/others
chmod a+x /usr/syno/etc.defaults/rc.d/S99mount.sh
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/srv/storage/images/kerio_control.img'/>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
to
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/srv/storage/images/kerio_control.img'/>
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' unit='0'/>
</disk>
<interface type='bridge'>
<mac address='52:54:00:11:c4:3b'/>
<source bridge='br0'/>
<target dev='vnet2'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
改变网卡为
<interface type='bridge'>
<mac address='52:54:00:11:c4:3b'/>
<source bridge='br0'/>
<target dev='vnet2'/>
<model type='e1000'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
生成ssh私钥登录:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/ml/.ssh/id_rsa): /Users/ml/.ssh/txech_vm
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/ml/.ssh/txech_vm.
Your public key has been saved in /Users/ml/.ssh/txech_vm.pub.
The key fingerprint is:
SHA256:48jFQSCj5YxPr94bglzsYSBWtzcSW8qPoRuvSZCHbx8 ml@mldeMacBook-Pro.local
The key's randomart image is:
+---[RSA 2048]----+
| .+o.o. |
| .*oo*. |
|..+ +B o. |
|..o=..*... |
| + +*...S |
| .+=++ + . |
| o=+E+ . |
| o.+o.. |
| o..o. |
+----[SHA256]-----+
txech_vm.rsa (密码为空)
建立普通用户,并赋予root执行权限:
useradd txtech -s /bin/bash -p 432980san=txt -m -G sudo
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
LogLevel INFO
# Authentication:
LoginGraceTime 120
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PAM authentication via ChallengeResponseAuthentication may bypass
# If you just want the PAM account and session checks to run without
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
UseDNS no
AddressFamily inet
PermitRootLogin yes
SyslogFacility AUTHPRIV
PasswordAuthentication no
mongodb 使用认证:
var opt = {
user: 'mcc',
pass: 'i+mcc=txtmcc',
auth: {
authdb: 'admin'
}
};
let connectDatabase = () => {
mongoose.connect('mongodb://127.0.0.1/txt-lsp-agent-mcc-v2')
let db = mongoose.connection
db.on('error', console.error.bind(console, 'connection error:'))
db.once('open', () => {
console.log('Connected to Database.')
})
}
git reset [–soft | –mixed | –hard
上面常见三种类型
拉取mongo镜像:
启动容器:
初始化admin:
docker run --name txtMongo -p 270127:27017 -v /var/mongo_backup:/data/db -d 71c --auth
use admin
db.createUser(
{
user: "txtAdmin",
pwd: "PivosTxtech07031036",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
(1)重新连接MongoDB数据库
退出容器,重新用下面命令进入容器即可:
docker exec -it mongodb_mongo_1 mongo admin
#———-
#———- MongoDB shell version: 3.2.12 connecting to: admin
(2)授权登录admin
db.auth('txtAdmin', 'PivosTxtech07031036')
(3)创建访问指定数据库的用户
Step1: switch to the specified database:
use octblog
Step2: create a user
db.createUser(
{
user: "txt",
pwd: "itxtmcc",
roles: [ { role: "readWrite", db: "txt-lsp-agent-mcc" },
{ role: "readWrite", db: "txt-lsp-agent-mcc-v2" } ]
}
)
mongodump --collection employee --db mongodevdb --username mongodevdb --password YourSecretPwd --out /dbbackup
Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
solve:
–authenticationDatabase admin
使用指定用户名和备份路径:
docker exec -it d08 mongodump --db txt-lsp-agent-mcc --username txtAdmin --password PivosTxtech07031036 --out /data/db/backup --authenticationDatabase admin
#!/bin/bash
dbNames="txt-lsp-agent-mcc
txt-lsp-agent-api
txt-lsp-agent-mcc-v2
txt-lsp-agent-weixin"
for i in $dbNames
do
docker exec -it d08 mongodump --db $i --username txtAdmin --password PivosTxtech07031036 --out /data/db/backup --authenticationDatabase admin
done
echo; echo "has backup mongodb database in container to /var/mongo_backup/"
exit 0
取消devtool的注释,避免打包出来的js代码包裹在eval(字符串)。
同时指明导出库的类型和名称。
//devtool: 'cheap-module-eval-source-map',
//devtool: 'eval',
//historyApiFallback: true,
entry: {
app: [
'./' + config.src.main
]
},
output: {
libraryTarget: "commonjs-module",
library: 'PublicComponents',
//path: path.join(__dirname, config.dest),
filename: 'txtcomponents.js',
path: path.resolve(__dirname, "./static/"),
//publicPath: "/static/",
},